Bug#929907: libgnutls30: Connections to older GnUTLS servers break
Dominik George
dominik.george at teckids.org
Sun Jun 2 23:29:56 BST 2019
Package: libgnutls30
Version: 3.6.7-3
Severity: grave
Justification: renders package unusable
The update to 3.6.7-3 reproducibly breaks ldap-utils (or, maybe,the ldap
client library) when connecting to a server with the previous 3.6.6-2
version. I am afraid it breaks more than that. GnuTLS-secured connections
are just closed with no visible reason.
Seen on more than 12 systems, then went to a system that had not got the
update yet. An ldapsearch works with 3.6.6-2, and fails after updating to
3.6.7-3 with the connection just being closed after reading some data from
the LDAP server setill on 3.6.6-2. Upgrading GnuTLS to 3.6.7-3 on the
server made the problem go away.
I am setting this critical as I cannot imagine it is expected that GnuTLS
clients require the server to be the exact same version.
-- System Information:
Debian Release: 10.0
APT prefers testing
APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=nb_NO.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages libgnutls30 depends on:
ii libc6 2.28-10
ii libgmp10 2:6.1.2+dfsg-4
ii libhogweed4 3.4.1-1
ii libidn2-0 2.0.5-1
ii libnettle6 3.4.1-1
ii libp11-kit0 0.23.15-2
ii libtasn1-6 4.13-3
ii libunistring2 0.9.10-1
libgnutls30 recommends no packages.
Versions of packages libgnutls30 suggests:
pn gnutls-bin <none>
-- no debconf information
More information about the Pkg-gnutls-maint
mailing list